In this episode, we sit down with Graeme Neilson, Founder and Chief Research Officer at Siege, as he unpacks why the security industry often ignores the halting problem—a foundational concept in computer science that explains why software will always contain bugs and vulnerabilities. Graeme challenges the efficacy of awareness training programs, arguing that fundamental flaws in protocols like email and the complexity of software itself, not user behaviour, are the real culprits behind persistent cyber risks. The discussion explores the ongoing frustrations around password management and multifactor authentication, the dangers of concentrating credentials in cloud-based password managers, and the risks introduced by abstracted and AI-generated code. Graeme also emphasises that the true security challenge lies in managing identity—both human and machine—as digital systems become more pervasive and embedded in our daily lives, advocating for a move towards treating cybersecurity issues more like safety concerns in other industries.

Graeme was born in Scotland, learnt cracking, reverse engineering and security from the Internet. Emigrated to NZ in early 2000’s and was one of the founders of Aura Information Security (pen testing company and RedShield (web defence company). He has presented original offensive security research at many international conferences including Blackhat, H2HC, Troopers, Ruxcon and Kiwicon. Now he is head of research for Siege Ltd, an NZ based company specialising in testing denial of service and bot mitigations.